
Node.js/Express.js Chain Certificate Not working

I have an SSL server in Express, which is not working on all browsers (unless the user manually trusts the website) since some browsers require the chain certificate (we have our own intermediate certificate). I've put our intermediate and chain certificate in one .crt file. The chain + intermediate certificate is in the INT_CERT_FILE variable. It does not seem to work. I am using http://www.digicert.com/help, as well as running openssl s_client -connect tasker.adnxs.net:443 -showcerts | grep "^ " to check, but it does not seem to be returning the intermediate + chain certificate.

Here's how I'm setting it up:

var fs = require("fs");
var https = require("https");
var express = require("express");

var KEY_FILE = fs.readFileSync("path/to/key/file.key");
var CERT_FILE = fs.readFileSync("path/to/crt/file.crt");
var INT_CERT_FILE = fs.readFileSync("path/to/intermediate and chain crt.crt");

var _app_https = express();
var _server_https = null;

_server_https = https.createServer({
    key: KEY_FILE,
    cert: CERT_FILE,
    ca: INT_CERT_FILE
}, _app_https).listen(443);

When visiting it on Firefox, Firefox does not recognise its identity and requires it to be manually trusted. How can I fix this issue?

Thanks,

Does your intermediate certificate file contain multiple certificate blocks?

If that's the case you should split them into different files and read them one by one. You can pass them as an array to the ca parameter.

I've got it working with the code below:

var https = require('https'),
    read = require('fs').readFileSync,
    httpsOptions = {
        key: read('ssl/mycertificate.key', 'utf8'),
        cert: read('ssl/mycertificate.crt', 'utf8'),
        ca: [
            read('ssl/rapidssl_1.pem', 'utf8'),
            read('ssl/rapidssl_2.pem', 'utf8')
        ]
    };

https.createServer(httpsOptions, function (req, res) {
    // ...
});

Handy little snippet if you actually can't modify any SSL-related files on the server - you can split the "ssl chain" file yourself. Spent a little while trying to get Node and socket.io to work with SSL (was getting a net::ERR_INSECURE_RESPONSE error on the client), so thought I would share it:

var https = require('https');
var read = require('fs').readFileSync;

// MY_KEY_LOCATION, MY_CERT_LOCATION and MY_CHAIN_LOCATION are paths to your own files
var privateKey = read(MY_KEY_LOCATION, 'utf8');
var certificate = read(MY_CERT_LOCATION, 'utf8');
var chainLines = read(MY_CHAIN_LOCATION, 'utf8').split("\n");
var cert = [];
var ca = [];

// Collect lines until an END marker, then store them as one certificate
chainLines.forEach(function(line) {
    cert.push(line);
    if (line.match(/-END CERTIFICATE-/)) {
        ca.push(cert.join("\n"));
        cert = [];
    }
});

var credentials = {
    "key": privateKey,
    "cert": certificate,
    "ca": ca
};

// app is the existing Express application
var httpsServer = https.createServer(credentials, app);
var io = require('socket.io').listen(httpsServer);
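A stricter take on the chain-splitting idea from the answers above, as an added example that is not part of the original posts: it tolerates CRLF line endings and text between blocks, and rejects a truncated bundle instead of serving a partial chain. The names splitPemBundle, buildTlsOptions and SAMPLE_BUNDLE are hypothetical, and the sample bundle is constructed with placeholder bodies rather than real certificates.

```javascript
// Added example: split a PEM bundle into one PEM string per certificate.
// SAMPLE_BUNDLE is constructed: placeholder base64 bodies, not real certificates.
const SAMPLE_BUNDLE = [
  'subject=/CN=Example Intermediate CA (constructed)',
  '-----BEGIN CERTIFICATE-----',
  'TUlJQ2V4YW1wbGVJbnRlcm1lZGlhdGU=',
  '-----END CERTIFICATE-----',
  '',
  'subject=/CN=Example Root CA (constructed)',
  '-----BEGIN CERTIFICATE-----',
  'TUlJQ2V4YW1wbGVSb290Q2VydA==',
  '-----END CERTIFICATE-----',
  ''
].join('\r\n'); // CRLF endings, as from a file edited on Windows

function splitPemBundle(text) {
  const normalized = String(text).replace(/\r\n?/g, '\n');
  const blockRe = /-----BEGIN ([A-Z0-9 ]+)-----\n([\s\S]*?)\n-----END \1-----/g;
  const certs = [];
  let m;
  while ((m = blockRe.exec(normalized)) !== null) {
    if (m[1] !== 'CERTIFICATE') continue; // skip keys, CSRs and other PEM types
    const body = m[2].replace(/\s+/g, '');
    if (!/^[A-Za-z0-9+\/]+={0,2}$/.test(body) || body.length % 4 !== 0) {
      throw new Error('certificate block ' + (certs.length + 1) + ' is not valid base64');
    }
    // Re-emit in canonical form: 64-character lines, LF endings
    certs.push('-----BEGIN CERTIFICATE-----\n' +
      body.match(/.{1,64}/g).join('\n') + '\n-----END CERTIFICATE-----\n');
  }
  // Every BEGIN marker must have produced a block, otherwise the file is cut off
  const begins = (normalized.match(/-----BEGIN CERTIFICATE-----/g) || []).length;
  if (begins !== certs.length) throw new Error('truncated or malformed certificate block');
  if (certs.length === 0) throw new Error('no certificate blocks found');
  return certs;
}

// Options object in the shape the answers pass to https.createServer()
function buildTlsOptions(keyPem, leafPem, bundlePem) {
  return { key: keyPem, cert: leafPem, ca: splitPemBundle(bundlePem) };
}

const opts = buildTlsOptions('<key PEM>', '<leaf PEM>', SAMPLE_BUNDLE);
console.log(opts.ca.length + ' certificates parsed from the bundle');
```

After deploying, the openssl s_client -showcerts command from the question should list the leaf followed by each intermediate.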
